Posts by Pink Duck

Deleted account

Surprised to find I had used Google to authenticate with them at some point. Wouldn't let me delete the account until setting a password though. So I did, "deleteme", then deleted the account. All a bit late, but these breaches are far too many and frequent now that we may as well give up all hope of having anything not widely known about us any more. Like most incidents like this, I just black-list the service and never use it again.

Question

I've been feeling a lot less anxious since enabling their PIN to Drive feature for 2FA overnight and in the office, as then even if keys/phone are swiped there's no silently driving off never to be seen again.

Green winner for me

I recently switched from OvoEnergy who want £60/year more for 100% renewable electricity to Bulb, a 100% renewable electricity offering with 10% biomass. Rather good bonus of £50 each for referrals and they're even paying the exit fees. Obligatory referral link.

I'll be scheduling my EV to charge from 01:30 to 08:00 and though there's nothing too evident in the UK grid graphs yet, there is a noticeable mini-peak between 00:00 and 01:30 for the Economy-7 users.

Re: Sites also a problem

BT Email affected too

Received emails from old BT Yahoo! accounts suggesting a password reset recently, a little surprised to find they were still active. Rather bothersome to have relative's actual security answers out in the wild now, just reinforcing my view that they should always be made-up.

What's disgraceful are the sites that don't allow passwords to be set up from any Unicode characters of any length. Worse still the ones that allow you to set a password but then only log in with the DB clipped 15 characters of it. Particularly bothersome has been BBC ID and UK GOV, where passwords have to be downgraded to work through mobile authentication. I keep notes on the rejected characters and weird rules for the various sites. I'm also developing a new system with proper client and server-side salted hashing and SSL/TLS.

Waiting for version 1

Edge still feels like an under-development browser. It currently breaks our major work web portals unlike any other browser out there, even with feature detection and sane browser sniffing where utterly necessary. An irritating one for me is client-side XSLT outputting Document instead of XmlDocument from a transform to XML.

Speed limits?

It's worth pointing out that OpenStreetMap's coverage of speed limits is very much a work in progress. That significantly affects the routing decisions of satellite navigation using its data. Most of the time it works well enough, but there are roads that without tagging are presumed to be 60 mph but are likely a lower limit in reality.

My favourite problem with Santander is the ever-increasing page height in Firefox as they add div upon div to the page every second. Even though I pointed it out to them, twice, over a year, I suspect that's still there.

Disappointingly this is not the version in which an official 64-bit release becomes available, as https://bugzilla.mozilla.org/show_bug.cgi?id=471090 illustrates. Flash 64-bit? Check. Java 64-bit? Check. Performance gain? erm… Roll on 20th December (for Fx9).

Makes you wonder

@mark 63

Contactless payment with no authorisation for transactions under £15 GBP means no inserting card into a specific slot, no typing in a PIN number followed by an entry key, probably quicker than cash too.

Fail Point

The real failure was the Scottish Qualifications Authority in providing dates as string format. What happens next time when SQA fills in the spreadsheet with a different date format? Presumably the person doing the import has been spoken to, and perhaps their import tool changed to warn of unexpected data rather than going ahead blindly with defaults.

Impressive

13 years of patches to XP and Microsoft still reckon it will need patching in 2014? Yet stopping the release of security patches via Windows Update will surely reduce the number of active exploits since there’ll be nothing to reverse-engineer.

Inline URL hyperlinking

Dependence on technology?

I would prefer to see fewer fatal accidents as a result of drivers falling asleep or drifting into the path of oncoming traffic due to distraction. The technology aids are primarily there to enhance safety for those brief moments where they can make a worthwhile intervention.

Hardly important

So JavaScript has to be injected in a page and then a list of predefined URLs used to establish the colouring assigned by the browser based on page history. That excludes capturing anything useful from the querystring and implies that there's already a script injection vulnerability, something of far greater significance in any case.